X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_cred.c;h=8c954c2c6f15f89f353c529ff6c7a0f24004a4ea;hb=25770a55e806a6ec1767f281fcb4245516435fdc;hp=0479c5954915ba61ab7ac47c8d43e7e1c932af25;hpb=865669ae058c6a54ad011ccf5d20a1578a37deae;p=mech_eap.orig
diff --git a/mech_eap/util_cred.c b/mech_eap/util_cred.c
index 0479c59..8c954c2 100644
--- a/mech_eap/util_cred.c
+++ b/mech_eap/util_cred.c
@@ -37,9 +37,10 @@
 #include "gssapiP_eap.h"
 #ifdef WIN32
-#include
+# include /* may need to use ShFolder.h instead */
+# include
 #else
-#include
+# include
 #endif
 OM_uint32
@@ -57,7 +58,7 @@ gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred)
 }
 if (GSSEAP_MUTEX_INIT(&cred->mutex) != 0) {
- *minor = errno;
+ *minor = GSSEAP_GET_LAST_ERROR();
 gssEapReleaseCred(&tmpMinor, &cred);
 return GSS_S_FAILURE;
 }
@@ -155,10 +156,10 @@ readStaticIdentityFile(OM_uint32 *minor,
 if (!SUCCEEDED(SHGetFolderPath(NULL, CSIDL_APPDATA, /* |CSIDL_FLAG_CREATE */ NULL, /* User access token */
- 0,
+ 0, /* SHGFP_TYPE_CURRENT */
 szPath))) {
 major = GSS_S_CRED_UNAVAIL;
- *minor = GetLastError();
+ *minor = GSSEAP_GET_LAST_ERROR(); /* XXX */
 goto cleanup;
 }
@@ -167,7 +168,7 @@ readStaticIdentityFile(OM_uint32 *minor,
 if (getpwuid_r(getuid(), &pwd, pwbuf, sizeof(pwbuf), &pw) != 0 || pw == NULL || pw->pw_dir == NULL) {
 major = GSS_S_CRED_UNAVAIL;
- *minor = errno;
+ *minor = GSSEAP_GET_LAST_ERROR();
 goto cleanup;
 }
@@ -306,6 +307,16 @@ gssEapAcquireCred(OM_uint32 *minor,
 GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
 }
+ if (cred->flags & CRED_FLAG_ACCEPT) {
+ struct rs_context *radContext;
+
+ major = gssEapCreateRadiusContext(minor, cred, &radContext);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+ rs_context_destroy(radContext);
+ }
+
 if (pActualMechs != NULL) {
 major = duplicateOidSet(minor, cred->mechanisms, pActualMechs);
 if (GSS_ERROR(major))
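Review bot: The minor status stored after `GSSEAP_MUTEX_INIT` fails in gssEapAllocCred is read from the thread's last-error value, but if that macro wraps pthread_mutex_init (its definition is not visible here) the error number is the return value and errno is not set, so `*minor` can be stale or zero. The same pattern appears in both readStaticIdentityFile hunks: SHGetFolderPath reports failure through its HRESULT, which the `/* XXX */` seems to acknowledge, and getpwuid_r returns its error number and can also return 0 with `pw == NULL`. Keeping the return value avoids this, e.g. `err = getpwuid_r(getuid(), &pwd, pwbuf, sizeof(pwbuf), &pw);` followed by `*minor = err;`, with a distinct project code for the no-entry case. A credential lookup that fails with an unrelated or zero minor code is hard to diagnose from logs.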
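Review bot: The new `CRED_FLAG_ACCEPT` block in gssEapAcquireCred creates a RADIUS context and destroys it immediately without saying why. It reads as an early check that the acceptor's RADIUS configuration can be loaded, but that is an inference from the call names. A comment above the `if`, such as `/* Fail at acquire time if the RADIUS context cannot be created for this acceptor credential */`, would make the intent explicit. It should also say that the `goto cleanup` deliberately fails the whole acquisition, if that is intended. The function body starts and ends outside the hunk, so what `cleanup` releases cannot be checked from here.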
@@ -337,7 +348,7 @@ gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech)
 OM_uint32 minor;
 int present = 0;
- assert(mech != GSS_C_NO_OID);
+ GSSEAP_ASSERT(mech != GSS_C_NO_OID);
 if (cred == GSS_C_NO_CREDENTIAL || cred->mechanisms == GSS_C_NO_OID_SET)
 return TRUE;
@@ -522,6 +533,40 @@ cleanup:
 return major;
 }
+OM_uint32
+gssEapSetCredService(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ const gss_name_t target)
+{
+ OM_uint32 major, tmpMinor;
+ gss_name_t newTarget = GSS_C_NO_NAME;
+
+ if (cred->flags & CRED_FLAG_RESOLVED) {
+ major = GSS_S_FAILURE;
+ *minor = GSSEAP_CRED_RESOLVED;
+ goto cleanup;
+ }
+
+ if (target != GSS_C_NO_NAME) {
+ major = gssEapDuplicateName(minor, target, &newTarget);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+ cred->flags |= CRED_FLAG_TARGET;
+ } else {
+ cred->flags &= ~(CRED_FLAG_TARGET);
+ }
+
+ gssEapReleaseName(&tmpMinor, &cred->target);
+ cred->target = newTarget;
+
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+
+cleanup:
+ return major;
+}
+
 static OM_uint32
 gssEapDuplicateCred(OM_uint32 *minor,
 const gss_cred_id_t src,
@@ -683,9 +728,10 @@ gssEapResolveInitiatorCred(OM_uint32 *minor,
 if (major == GSS_S_CRED_UNAVAIL)
 #endif
 major = staticIdentityFileResolveInitiatorCred(minor, resolvedCred);
- if (GSS_ERROR(major))
+ if (GSS_ERROR(major) && major != GSS_S_CRED_UNAVAIL)
 goto cleanup;
+ /* If we have a caller-supplied password, the credential is resolved. */
 if ((resolvedCred->flags & CRED_FLAG_PASSWORD) == 0) {
 major = GSS_S_CRED_UNAVAIL;
 *minor = GSSEAP_NO_DEFAULT_CRED;
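Review bot: gssEapSetCredService rewrites `cred->flags` and `cred->target` without taking `cred->mutex`, and nothing in the hunk says the caller must already hold it, although the lock exists (gssEapAllocCred initialises it). If callers are expected to lock, a header comment should say so, for example `/* Caller must hold cred->mutex; passing GSS_C_NO_NAME clears the target. */`. The same comment should record that the call fails with GSSEAP_CRED_RESOLVED once the credential has been resolved. It should also state that `cred` must not be GSS_C_NO_CREDENTIAL, since `cred->flags` is dereferenced unchecked in the first statement.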
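Review bot: With the relaxed check in gssEapResolveInitiatorCred, a GSS_S_CRED_UNAVAIL from the identity-file resolver stays in `major`, along with whatever `*minor` the resolver set, when the caller supplied a password, and nothing in the hunk resets either. If the code after the hunk does not assign `major` before reaching `cleanup`, the function would return CRED_UNAVAIL for a credential it went on to treat as resolved; that part of the body is outside the hunk and should be checked. Resetting explicitly once the password test passes, e.g. `major = GSS_S_COMPLETE; *minor = 0;`, would remove the dependency on later statements. The added comment would also be clearer placed at the relaxed check, worded as `/* A missing identity file is not fatal if the caller supplied a password */`.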